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Vkm c rt ii i u l cljinu> 4-t>, 9, 13-14, 1 6 , mid 20-21 , Vltb&c anHHUl dUlIM I and 7. Pleasi 
a rid nrnr pfmmo 33 30. Tilts ulailiiS m m flJlluw w — 

t . (Currently amendod) A method enabling a network-addressable device to detect use of its 
identity by a spoofcr spoofing vandal , comprising the acts of; 

receiving a message by the network-addressable device from a target of a denial of 
service : attack hy the spoofing vandal, said attack c omprising a denial of service communicat ing 
sent bv the spoofinp vandal to the tarpct ; 

detectin g, by the network-addressahle device, a communication protocol violation 
consequent to tho massage, wherein die communication protocol violation is indicative of [[a]] 
lbs denial of service attack on [[a}] ihc target by [[a]] ihQ spoofing vandal using an identity of the 
network-addressable device in die denial of service communication, said detecting bein g 
performed after said receiving has been performed : and 

generating, bv the network-addressa ble device, a spoofing alert responsive to the act of 
detecting the communication protocol violation. 

-2: (Original) A method enabling a network-addressable device to detect use of its identity by a 
xpoofer, comprising the acts of: 

receiving a message by the network-addressable device; 

delecting a communication protocol violation consequent to the message, wherein the 
communication protocol violation is indicative of activity of a spoofing vandal using the identity 
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of the nclwork-addrcssablc device in an attack on a target; 
recording attributes of the message; 
advancing the value of a counter associated with the target; 
comparing the value of the counter with a predetermined threshold; and 
generating u spoofing alert when the value of tho counter exceeds the threshold. 

It <* . 

-3: (Previously presented) The melhod of claim^ wherein the network-addressable device is 
connected lo the target by a communication network. 

4-6. (Canceled) 

Jt. (Currently amended) The method of claim [[3]]^ wherein said recording comprises 
recording said attributes of the message in a spoofing logbook database. 



-6! (Previously presented) The method of c1ainv?7 wherein said recorded attributes of tho message 



in the spoofing logbook database comprise a source address of the message, an indication of a 
nature of the activity of the spoofing vandal, and a time at which the message has been received. 

9. (Canceled) 

-^(Original) The melhod of claims? wherein the protocol violation includes reception by the 
nclwork-addrcssablc device of an unsolicited response message sent by tho target. 
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>fT (Original) The method of claimX wherein the protocol violation includes the reception by 
the network-addressable device of an 1CMP reply sent by the target when an ICMP PING has not 
been sent to the target by the network-addressable device. 

+z. (Original) The method of claims wherein the protocol violation includes reception by the 
network-addressable device of a SYN/ACK message when a SYN message has not been sent to 
the target by the network-addressable device. 

13-14. (Canceled) 

(Previously presented) The method of clainj^ further comprising providing a first network 
administrator who is responsible for the network-addressable device and a second network 
administrator who is responsible for the target. 

16. (Canceled) 

i?f (Previously presented) The method of claim wherein the first network administrator is a 
first automated network management system, and wherein the second network administrator is a 
second automated network management system. 

H*T (Previously presented) The mclhod of clainvfr, wherein the network-addressable device is 
connected to the spoofing vandal by (he communication network. 
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J#f (Previously presented) The method of clainv^ wherein said detecting, recording, advancing, 
comparing, and generating arc performed by the network-addressable device. 

20-21. (Canceled) 

22: (New) A method enabling a network-addressablo device lo delect use of its identity by a 
spoofing vandal, comprising the acts of: 

receiving a message by the network-addressable device from a target of a denial of 
service attack by the spoofing vandal, said attack comprising u denial of service communication 
sent by the spoofing vandal to the target; 

detecting, by the network-addressable device, a communication protocol violation 
consequent to the message, wherein the communication protocol violation is indicative of the 
denial of service uttftck on the target by the spoofing vandal using the identity of the network- 
addressable devico in the denial of service communication, said detecting being performed after 
said receiving has been performed; 

recording attributes of the message; 

advancing the value of a counter associated with the target; 

comparing the value of the counter with a predetermined threshold; 

generating a spoofing alert when a result of said comparing is that the value of the counter 
exceeds the threshold, said recording, advancing, comparing, and generating being performed by 
the network-addressable device. 
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29. (New) Tlit: method of claim .22f wherein the network-addressable device is connected to the 
target by a communication network, said method farther comprising: 

sending the spoofing alert to at least one network administrator selected from the group 
consisting of a first network administrator who is responsible for the network-addressable device, 
a second network adminislrator who is responsible for the target, and both the first network 
administrator and the second network administrator. 

>fc (New) The method of claims wherein the protocol violation includes reception by the 
network-addressable device of an unsolicited response message sent by the target. 

29. (New) The method of claim^ wherein the protocol violation includes the reception by the 
network-addressable device of an ICMP reply sent by the target when an ICMP PING has not 
been sent to the target by the network-addressable device. 

(New) The method of claimJ*, wherein the protocol violation includes reception by the 
network -addressable device of a SYN/ACK message when a SYN message has not been sent to 
the target by the network-addressable device. 

V 

iff, (New) The method of claim I, wherein the network-addressable device is connected to the 
target by a communication network, said method furlhcr comprising: 

sending the spoofing alert to at least one network administrator selected from the group 
consisting of a first network administrator who is responsible for the network-addressable device, 
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a second nclwork administrator who is responsible for the target, and both the first network 
administrator and the second network administrator. 

3 

.26! (New) The method of claim 1 , wherein the protocol violation includes reception by the 
network-addressable device of an unsolicited response message sent by the target. 

(New) The method of claim 1 , wherein the protocol violation includes the reception by the 
network-addressable device of an ICMP reply sent by the target when an 1CMP PING has not 
been sent to the target by the network-addressable device. 

XT. (New) The mclhod of claim 1, wherein ibo protocol violation includes reception by the 
nel work-addressable device of a S YN/ACK message when a S YN message has not been sent to 
the target by the network-addressable device. 
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